Recently active topics

This message originated from Cribl Community Slack.Click here to view the original link.I teleported into a worker node and I was checking the CPU usage of the the Worker Processes. Are the data points in percentage?Links for this message:image.png

This message originated from Cribl Community Slack.Click here to view the original link.Hi everyone, is there anything that could trip us up if we wanted to run a collect job for data stored in Amazon Security Lake S3?

This message originated from Cribl Community Slack.Click here to view the original link.How do you handle masking/redacting in Cribl Search?

This message originated from Cribl Community Slack.Click here to view the original link.Question: Is Cribl Stream basically the cloud‑hosted platform, while Cribl Edge is the on‑prem agent that runs on your own servers or VMs?

This message originated from Cribl Community Slack.Click here to view the original link.Is there a way to dynamically set Datadog tags in a Datadog log destination?

This message originated from Cribl Community Slack.Click here to view the original link.Hi team, quick question about SSL/TLS. Outbound traffic from Edge/Stream to S3 is already encrypted, but we want to ensure inbound data sent to Cribl is encrypted if it may cross the internet. Do we need to enable SSL/TLS on the Listener for inbound data in that case Can Edge/Stream use a self‑signed certificate If so, is adding that cert to the sender’s trust store the correct approach

This message originated from Cribl Community Slack.Click here to view the original link.Struggling with understanding pagination on a particular REST API: https://docs.dynatrace.com/docs/discover-dynatrace/references/dynatrace-api/environment-api/rum/user-sessions/table#parameters The data that comes in does not explicitly include an indicator for which one of these to use: https://sandbox.cribl.io/coursedocs/rest/docs/7_pagination#offsetlimit https://sandbox.cribl.io/coursedocs/rest/docs/7_pagination#pagesize I've tried both and it either never goes past the 5000 records collected or the job continuously runs without stopping, running the same query over and over again for each page per collector job. Based on the latter, I believe I need to be using Offset/Limit, but the parameters explicitly say pageSize & pageOffset

This message originated from Cribl Community Slack.Click here to view the original link.I am working on collecting Workday Sign-on Activity logs in Cribl I am having issues in obtaining Access token. How I can configure this in Cribl Authorization to get this working. <#C08L895TEEQ|> This is how I am doing it in Postman and it returns me access token, create a new POST request. Set the URL to: https://<your_workday_domain>/ccx/oauth2/token Go to the Authorization tab: Type: Basic Auth Username: Client ID Password: Client Secret Switch to the Body tab and select x-www-form-urlencoded Add the following key-value pairs: grant_type: refresh_token refresh_token: _token_value_

This message originated from Cribl Community Slack.Click here to view the original link.Hi. I created a raw HTTP/S source in Cribl on port 10081. When a .NET client tries pushing JSON data to the endpoint a 403 response is received. It's not an issue with proxies/firewalls and not due to any problems with auth tokens. We aren't having this issue using our other sources in Cribl Cloud. Has anyone run into similar issues and if so, how were they resolved?

This message originated from Cribl Community Slack.Click here to view the original link.I can't figure out how to use an environment variable that has been set in collector script running a python script. I have tried prefixing the environment variable with $, using just the variable name as set, using envVar., c.Vars. as well as a few other ways. Why isn't this documented somewhere? A screenshot of my env variables and their use in the python script are provided in the graphic below.Links for this message:image.png

This message originated from Cribl Community Slack.Click here to view the original link.Hey ya'll! REST Collector question - API call to PingID endpoint /monitoring/logs to retrieve events. I'm having some trouble with the stored state being formatted as the API is expecting. parameter: beginTime = C.Time.strftime((state.latestTime+.001).toPrecision(13), "%Y-%m-%dT%H:%M:%S.%f") response: {"code":400,"message":"parameter \"beginTime\" in query has an error: string doesn't match the format \"date-time\": string doesn't match pattern \"^[0-9]{4}-(0[1-9]|10|11|12)-(0[1-9]|[12][0-9]|3[01])T([0-1][0-9]|2[0-3]):[0-5][0-9]:([0-5][0-9]|60)(\\.[0-9]+)?(Z|(\\+|-)[0-9]{2}:[0-9]{2})?$\""}

This message originated from Cribl Community Slack.Click here to view the original link.Greetings all. How can I get a more detailed view into what is comprising the storage on my Hybrid workers? Although I recently started configuring the workergroup (handful of sources, destinations, and 4 routes), the wg storage is high with ~5 TB of 5.5 TB in use. I wouldn’t have expected it to be nearly maxed out. Additionally, some worker groups with no configurations and no data flowing through them are also nearing their storage limits. Persistent Queue isn’t enabled on any sources or destinations

The Cribl.Cloud API makes it easy to export and import configurations across your deployment. This lets you quickly back up, restore, or migrate configurations between Cribl.Cloud organizations.All API interactions can be run programmatically using common scripting languages. To show this in action, we’ve provided a set of Bash scripts below that migrate all configuration files from one Cribl.Cloud organization to another.Export Script Import ScriptFor a complete walkthrough on how to use these scripts, watch the video below. 

https://adatosystems.com/2026/01/30/job-listings-for-week-ending-1-30/

This release fixes four critical issues affecting Cribl Insights and HTTP-based Destinations for Cribl Insights, Cribl Stream, and Cribl Edge users. Cribl Search and Cribl Lake are not impacted.Release notes:• Stream• Edge• InsightsAction requiredCribl.Cloud:Log in to your account and launch Cribl Stream or Cribl Edge. If the update requires it, click Deploy.  The UI will clearly indicate when a deployment is needed.If you’re running hybrid Workers without auto-upgrade enabled, manually upgrade them to 4.16.1 to maintain compatibility.On-prem:Download and install the 4.16.1 update directly.

How do I identify the correct ingest API endpoint (POST /api/v2/logs/ingest) and validate tokens when the UI uses apps.dynatrace.com but the backend lives under live.dynatrace.com?”

Does Cribl Stream evaluate mask rules sequentially, and is there an optimal ordering strategy for high‑complexity regexes?

You asked. We listened. Then we shipped.Platform• Cribl Insights: Can I get a “hell yeah!”? Built-in monitoring. No bolt-ons. No guesswork.Stream• Clone Packs (with dependencies): Certs, Secrets, and vars come along automatically.• AI Packs: OpenAI, Gemini, Bedrock, SageMaker, Foundry.  Route AI data with intent.• Group Variables for Packs: Define once, reuse everywhere.Edge• More Fleets: Support for up to 250 Fleets.Lake• Lakehouse pricing update: Lower cost, and more flexible retention.Search• Notebooks Export to PDF: Portable/sharable exports.• HTTP API Provider: Proper pagination for full datasets.These are just the highlights. Check out the full release notes for Stream, Edge, Search, and Lake.Cribl.Cloud customers are already upgraded—just click Deploy.On-prem customers can download the update now.

Stream - Source Pack to collect and process Microsoft Foundry AI-related data from an Azure Event Hub View Pack

Stream - Collector Pack to collect and process Workday Activity data View Pack

Stream - Source Pack to process data from Amazon Bedrock. View Pack

Stream - Source Pack to process data from Amazon SageMaker. View Pack

Stream - This Cribl Pack is designed to streamline the integration of common Cribl data sources with Google Security Operations (SecOps). View Pack

Stream - Collector Pack for processing Abnormal.ai data View Pack

- Collector Pack to process data from the Wiz API View Pack